A recent study revealed that up to half of the U.S workforce works at least part of the time away from an employer’s location. Those remote employees routinely log in to their employers’ networks, and each of those logins represents a unique opportunity for cyberattackers to breach those networks and to steal data and information or to launch a ransomware attack that locks employees out of the network.
A cybersecurity strategy that accounts for remote employees begins with an inventory of the employer’s data and information and a thorough assessment of the threats and risks to that data in the event of a cyber attack. That inventory will allow an employer to develop a cyber protection policy that forms the basis of training and educating remote employees.
Remote employees might work from their homes or from some other location. The employer’s remote policy should consider both options, which will pose many of the same challenges albeit with a few variables. A good remote employee cyber protection strategy for employees who work at their homes will include:
– Mandatory strong and secure passwords for logins to an employer’s networks, with frequent changes to those passwords. Remote employees in particular should avoid using the same password for different logins, regardless of the strength of the password. A password manager can help a remote employee to track and change passwords frequently.
– Two- or multi-factor authentication(2FA/MFA) for remote employee logins. This methodology will provide greater assurances that the individual who is attempting to log in to an employee’s is, in fact, an employee with authorization for that login.
– Virtual private networks (“VPNs”) at the remote employee’s home. A VPN will encrypt all data and communications from the remote home location, thus raising the bar against attempts by hackers to steal and use those communications to go deeper into an employer’s network.
Employees that work remotely and outside of their homes should adopt a few additional strategies to maintain the cybersecurity of communications with their home offices.
– Enhanced physical and technical security of computers and electronic devices. Hackers routinely steal computers, smartphones, and tablets in order to draw information from them that will enable further cyberattacks. Remote employees need to take greater care with the physical integrity of their computers. Enabling remote data wipe technology will help to protect data in the event that a device is lost or stolen.
– Avoid using free public Wi-Fi. Free Wi-Fi locations are notorious for giving hackers an opportunity to steal sensitive data through vulnerabilities in routers and “man-in-the-middle” attacks. The slight added cost of providing remote employees with secure cellular hotspot technology is more than justified in view of the risks posed by the free Wi-Fi alternative.
– Be aware of prying eyes. More than a few cyberattacks trace their origins to information that was gleaned by a hacker who simply looked over someone’s shoulder. Privacy screens and situational awareness can preclude this possibility.
The modern essentially requires employers to allow employees to work remotely, which also forces employers to formulate cybersecurity strategies that account for a remote workforce. Physical and technical defenses for remote employees are as critical as developing a containment and recovery strategy in the event that those defenses fail to prevent a data breach.
Cyber protection insurance is a key component of every thorough recovery strategy. That insurance can provide reimbursement for an employer’s direct losses and coverage for third-party liabilities that arise when an employer’s loss of customer data exposes its customers to identify theft and financial fraud. Cyber protection insurance can also help an employer to maintain its reputation in its industry by allowing it to recover from a data breach more quickly and to continue to provide products and services to clients and customers.